Public/Configuration/Baseline/Read-PolicyFile.ps1
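function Read-PolicyFile {
    <#
    .SYNOPSIS
        Reads a baseline policy JSON file, resolves its #Replace...#_ placeholders against the
        customer tenant and returns the policy as a hashtable.

    .DESCRIPTION
        Placeholders have the form #<Type>#_<Name>, e.g. #ReplaceGroup#_Jysk-IT-Baseline-Group.
        Supported types: ReplaceGroup, ReplaceUser, ReplaceTenantId, ReplaceNamedLocation,
        ReplaceAuthenticationStrength and ReplaceGroupSID. Each name is looked up by displayName
        (users also by mailNickname) in the tenant given by -TenantId and the placeholder is
        rewritten to the object's id (for ReplaceGroupSID: the group's SID). The special group
        name "AllUsers" matches either 'Alle brugere' or 'All Users'. ReplaceTenantId is always
        rewritten to -TenantId, whatever name follows it.

        displayName is not unique in Entra ID. A placeholder that matches no object, or more
        than one object, is left unchanged and reported with Write-Warning; downstream callers
        will then hand Graph a non-GUID id, which fails closed. Pass -ThrowOnUnresolved to fail
        here instead, which is the safer default for policies that rely on exclusion groups
        (e.g. break-glass accounts).

    .PARAMETER Path
        Path to the policy JSON file containing the placeholders.

    .PARAMETER TenantId
        Customer tenant id; passed to Connect-CustomerGraph and used for ReplaceTenantId.

    .PARAMETER ThrowOnUnresolved
        Throw after processing if any placeholder could not be resolved unambiguously.

    .OUTPUTS
        hashtable (ConvertFrom-Json -AsHashtable of the rewritten file).
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [string]$TenantId,
        [switch]$ThrowOnUnresolved
    )

    Connect-CustomerGraph -CustomerTenantId $TenantId

    # Fail fast on a missing/unreadable file instead of feeding $null into the regex loop.
    $RawContent = Get-Content -Path $Path -Raw -ErrorAction Stop

    # Escape a value for use inside a single-quoted OData string literal ('' is the OData
    # escape for '). The placeholder regex below already excludes quotes; this is defence in
    # depth so the filter can never be broken out of if that regex is ever relaxed.
    function Get-ODataLiteral([string]$Value) {
        return $Value -replace "'", "''"
    }

    $Unresolved = [System.Collections.Generic.List[string]]::new()

    $ReplacementTypes = @(
        "ReplaceGroup",
        "ReplaceUser",
        "ReplaceTenantId",
        "ReplaceNamedLocation",
        "ReplaceAuthenticationStrength",
        "ReplaceGroupSID"
    )

    foreach ($ReplacementType in $ReplacementTypes) {
        # Match patterns like #ReplaceGroup#_Jysk-IT-Baseline-Group
        $ReplacementPattern = "#$($ReplacementType)#_([\w\s-]+)"
        # -Unique: one Graph lookup per distinct name even if the placeholder occurs many times.
        $ReplacementsFound = [regex]::Matches($RawContent, $ReplacementPattern) |
            ForEach-Object { $_.Groups[1].Value } |
            Select-Object -Unique

        foreach ($ReplacementFound in $ReplacementsFound) {
            Write-Verbose "Found replacement type '$ReplacementType' with value '$ReplacementFound' in file '$Path'"

            $Literal = Get-ODataLiteral $ReplacementFound
            $Objects = @()
            $Value   = $null
            $Label   = $ReplacementType

            switch ($ReplacementType) {
                "ReplaceGroup" {
                    $Label = 'Group'
                    $Filter = if ($ReplacementFound -eq "AllUsers") {
                        "displayName eq 'Alle brugere' or displayName eq 'All Users'"
                    } else {
                        "displayName eq '$Literal'"
                    }
                    $Objects = @(Get-MgGroup -Filter $Filter)
                    if ($Objects.Count -eq 1) { $Value = $Objects[0].Id }
                }
                "ReplaceUser" {
                    $Label = 'User'
                    $Objects = @(Get-MgUser -Filter "displayName eq '$Literal' or mailNickname eq '$Literal'")
                    if ($Objects.Count -eq 1) { $Value = $Objects[0].Id }
                }
                "ReplaceTenantId" {
                    # No lookup: the name after the placeholder is ignored, the tenant id is used.
                    $Objects = @($TenantId)
                    $Value = $TenantId
                }
                "ReplaceNamedLocation" {
                    $Label = 'Named location'
                    $Objects = @(Get-MgIdentityConditionalAccessNamedLocation -Filter "displayName eq '$Literal'")
                    if ($Objects.Count -eq 1) { $Value = $Objects[0].Id }
                }
                "ReplaceAuthenticationStrength" {
                    $Label = 'Authentication strength'
                    $Objects = @(Get-MgPolicyAuthenticationStrengthPolicy -Filter "displayName eq '$Literal'")
                    if ($Objects.Count -eq 1) { $Value = $Objects[0].Id }
                }
                "ReplaceGroupSID" {
                    $Label = 'Group'
                    $Objects = @(Get-MgGroup -Filter "displayName eq '$Literal'")
                    if ($Objects.Count -eq 1) {
                        $Value = Convert-EntraIDObjectIDToSid -ObjectId $Objects[0].Id
                    }
                }
                Default {}
            }

            if ($null -eq $Value) {
                if ($Objects.Count -gt 1) {
                    # The original code would have stringified the array ("id1 id2") into the
                    # policy; refuse instead, since scoping a CA policy to the wrong group is
                    # a security defect, not a cosmetic one.
                    Write-Warning "$Label '$ReplacementFound' is ambiguous: $($Objects.Count) objects match in tenant; placeholder left unchanged."
                } else {
                    Write-Warning "$Label '$ReplacementFound' not found in tenant."
                }
                $Unresolved.Add("#$ReplacementType#_$ReplacementFound")
                continue
            }

            # Escape the token and anchor it so that resolving 'Foo' does not also rewrite the
            # prefix of '#ReplaceGroup#_Foo-Bar'. The lookahead mirrors the capture class, so
            # anything the greedy capture would have swallowed is part of the token itself.
            # $Value is a GUID, SID or tenant id and contains no '$', so it is safe as a
            # Regex.Replace replacement string.
            $Token = [regex]::Escape("#$ReplacementType#_$ReplacementFound") + '(?![\w\s-])'
            $RawContent = [regex]::Replace($RawContent, $Token, [string]$Value)
            Write-Verbose "Replaced '$ReplacementFound' with '$Value' in file '$Path'"
        }
    }

    if ($ThrowOnUnresolved -and $Unresolved.Count -gt 0) {
        throw "Unresolved placeholders in '$Path': $($Unresolved -join ', ')"
    }

    return $RawContent | ConvertFrom-Json -AsHashtable -Depth 100
}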